Vulnerabilities > Openttd > Openttd > 0.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-09-08 | CVE-2011-3343 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file. | 4.6 |
| 2011-09-08 | CVE-2011-3342 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame. | 7.5 |
| 2011-09-08 | CVE-2011-3341 | Numeric Errors vulnerability in Openttd Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command. | 7.5 |
| 2010-07-28 | CVE-2010-2534 | Resource Management Errors vulnerability in Openttd The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue. | 5.0 |
| 2010-05-05 | CVE-2010-0406 | Resource Management Errors vulnerability in Openttd OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. | 4.0 |
| 2010-05-05 | CVE-2010-0402 | Code Injection vulnerability in Openttd OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command. | 6.5 |
| 2010-05-05 | CVE-2010-0401 | Permissions, Privileges, and Access Controls vulnerability in Openttd OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. | 6.5 |
| 2009-12-28 | CVE-2009-4007 | Remote Denial of Service vulnerability in OpenTTD Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine. | 5.0 |
| 2009-03-10 | CVE-2008-3547 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients." | 9.0 |
| 2008-08-10 | CVE-2008-3577 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openttd Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. | 4.6 |